Kenya’s IEBC Denies Servers Were Hacked to Steal Personal Details from 61,000 Voters

Image sourced from Brookings.edu.

Kenya’s Independent Electoral and Boundaries Commission (IEBC) has refuted claims that hackers infiltrated its servers and obtained the personal details of at least 61,000 registered voters.

This comes after reports from the Directive of Criminal Investigators (DCI) were released, saying that the directive has arrested a 21-year old fraud suspect claimed to have allegedly hacked into the IEBC’s servers.

Only identified by the alias ‘Kiprop’ by the DCI, the suspect is said to be the mastermind behind a high-tech mobile phone scam syndicate that has been stealing millions of dollars from M-Pesa agents across Kenya.

DCI’s Report

According to Nation, the DCI claim that Kiprop gained access to IEBC’s database and stole the personal details of 61,617 registered voters in the country. Data found in the suspect’s possession include names of registered voters, their ID numbers and birth dates.

Kiprop is believed to have previously worked for one of Kenya’s mobile phone networks. They were arrested on Friday morning, with a gunny bag filled with Safaricom, Airtel and Telkom SIM cards seized from their possession.

They were arrested in Juja, and found by the Crime Research and Intelligence Bureau, with support from Safaricom’s fraud investigation team and security officers from the Jomo Kenyatta University of Agriculture and Technology.

IEBC Claims Fake News

IEBC chairman Wafula Chebukati released a statement on Sunday claiming that “information circulating in the media to the effect that a suspect has hacked into the IEBC database and acquired personal details of registered voters from a county in western Kenya” is not factual.

Chebukati explains that the register of voters is kept in a Biometric Voter Registration (BVR) system, which he claims has never been tampered with since its installation eight years ago.

Further, he explains that the IEBC’s systems are isolated and “not connected to the open internet,” meaning that hackers will not be able to gain access to it.

“In addition, the rest of the commission’s entire internal network is behind a high-security firewall system.”

Possible Sources of the Information Leak

Chebukati says that the data in question could have been obtained from entities that acquired the voter information through legitimate means, as the Constitution allows the IEBC to give part of the register of voters – for specific electoral areas – at a fee.

“The commission services numerous requests by various entities requiring the register of voters for specific electoral areas. These requests are serviced upon payment of certain fees and in accordance with privacy laws requiring personally identifiable information to be kept confidential,” he says.

“What is currently being reported in the media is not data obtained through hacking of the BVR system but possibly from entities that may have legitimately obtained it from the commission through formal requests and upon payment of requisite fees.”

By Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter